BIVBlog #30: News on the Hardware Random Number Generator

After some component shopping and leaving the current prototype to produce some serious test output, my hardware random number generator project takes several unexpected turns.


Table of Contents

00:00:45 What case to use for the device?
00:01:45 Shopping somewhat specialized components
00:02:35 Kasper Pedersen’s suggestion using a Schottky diode and some new performance observations
00:03:50 Surprising results with alternative Zener diodes
00:05:40 PIC and MSP430 programmers, SMD vs. through-hole soldering, and reconsidering my choice of microcontroller
00:08:00 Auditing PCBs with SMD ICs, and ideas on production
00:10:23 Test results from my current prototype
00:11:50 Whitebox testing the generator
00:12:17 Checksumming the output
00:12:45 Additional testing within the microcontroller
00:13:35 Documenting the project
00:13:55 Threat models with hardware random number generators
00:15:00 Reading recommendation: Ross Anderson, Security Engineering
Update: There’s a second edition available both in print and online

Resources

Ross Anderson, Security Engineering with both first and second edition available online.

About

Long term IPv6 evangelist/book author/trainer/consultant and generic Unix guy (*BSD, Linux, Solaris, and about a dozen more).

6 Comments

  1. I couldn’t help myself.

    Here is a much simpler version of a thermal noise source. It uses one (dual) opamp, 7 resistors, 3 capcacitors, and outputs 200mV RMS 30kHz bandwidth noise.

    Schematic: http://n1.taur.dk/noisesourcesch2.jpg
    As built: http://n1.taur.dk/noisesourcepic.jpg
    Sampled output: http://n1.taur.dk/noise-16bit-raw-48kHz.raw

    200mV is about as much as it is possible to get out of the single package. There is plenty of gain left in the opamp, but the total gain must be set comfortably lower than the crosstalk to prevent oscillation. The 800Hz high pass is intentional, it rejects hum. And the circuit requires shielding, otherwise it is a finger proximity detector.

    /Kasper

    • Benedikt Stockebrand

      Hi Kasper,

      that looks pretty cool! But of course, I immediately have a question (or three): The capacitors according to your diagram are 1uF/1uF/22uF from left to right; what do you use there? With those capacitances I’d expect electrolytic caps, but all I see on your photo are three ceramics, two of them apparently stacked on top of each other. Did you mean nF instead of uF?

      Anyway, a lot of crazy things have happened lately with and around my stuff. If things work out I’ll record another episode tonight, primarily on the concept of entropy but also with an update on what happened since the last video.

      Cheers,

      Benedikt

  2. I do mean uF.

    To the very left, under the 10K, is the 1uF 16V X7R (CC1206KKX7R7BB105) on the center voltage. At the very right, on the bottom, is a 2.2nF capacitor I erroneously picked out of the bag, thinking it was 1uF. Rather than remove it, I slapped 1uF on top of it.
    And the big 1210-sized 22uF 16V X5R is very much a ceramic (GRM32ER61C226KE20L).

    When picking ceramic capacitors, pay attention to the dielectric (here X7R and X5R). Some of the dielectrics (such as Y5V) offer wild capacitances in small packages, but are so voltage dependant that they lose 80% of their capacitance at rated voltage, are dangerously microphonic, and so forth.

    Here’s a fun thing: As built, the bandwidth limit is on the first stage. So halving the noisy resistor, while it reduces the noise/Hz to 0,7, also should double the bandwith, producing the same RMS output.

    /Kasper

    • Benedikt Stockebrand

      Hi Kasper,

      sorry for the late answer, but the next video is coming up and there’s some info on what has happened in the last two weeks…

      Anyway, thanks for your explanations about high capacity ceramic caps; so far my junk bin ceramics caps only go up to 470nF, which happens where my electrolytics start…

      From the discussions throughout this week’s Cryptech meeting in Stockholm I’ve learned a few things which showed me that picking the right technology for a cryptographically sound HWRNG is even worse than I thought. I’ll try your circuit as soon as I get hold of a TLC072 (next time I mail order components, it’ll be on the list); with the shielding issue is something I’m a bit uncomfortable about in this sort of context, but then again, with all the dead ends I’ve run into so far any new option to have as an alternative solution is really welcome news to me.

      Cheers,

      Benedikt

  3. Patrick

    I have to add one pro Kasper’s design.

    Using lower voltages allows for greater bandwidth. When I saw your first video in which you’ve bee using 6V+ Zener – it was the very first thing that crossed my mind – Go lover voltage. On top of that if you start using lover voltage your signal edges become much steeper and that’s what allows faster signal generation.

    Any how, I just stumbled up on your blog yesterday. I am very interested in what you are doing. Actually I have fev similar projects in the pipeline. I would like to keep in touch and exchange observations.

    From what I’ve seen so far – Great work!

    • Benedikt Stockebrand

      Hi Patrick,

      sorry for the delay, but aside from generally being painfully busy the last few weeks, I spent the entire week at the RIPE meeting in London.

      Anyway, it’s not quite as easy as it seems: If I lower the breakdown voltage of the “Zener” diodes I use below 6.8V, then the signal quickly gets much weaker. The bandwidth should increase at that case because the Zener effect (single electrons tunneling through the junction) will take over from the avalanche effect (bursts of electrons breaking through) but using true Zener noise requires much more amplification, which in turn makes the entire design much more susceptible to external manipulation.

      If I went *up* with the breakdown voltage, then the frequency spectrum would also shift some, but at the same time the power consumption would also increase, the latter approximately at the square of the voltage. Since USB only provides 100mV without previous negotiation with the host, and me actually believing that specs are there to adhere to, the result is that I do use the 6.8V.

      Similar considerations applied to the external voltage used to drive the “Zener” diodes, so what happened that I first got that circuit running somehow using two transistors for amplification, and then tuning various parameters until I got the fastest output I could get at the least possible power consumption.

      Cheers,

      Benedikt

Leave a Reply to Benedikt Stockebrand Cancel reply

Your email address will not be published.